New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support tls version #240
Support tls version #240
Conversation
Thanks for implementing this @drexler . I was looking for something like this as well. However, would it be better to default to the more secure TLS1.2 instead of TLS1.0? I know AWS defaults to TLS1.0 for more backwards compatibility, but just wondering what others thought about this as well. Also in the documentation addition, it seems you put in |
@rts-cwalker i intentionally kept the default in line with AWS defaults. I think going forward that will prevent surprises when users install it. Also, the documentation update i did does specify |
@drexler Actually, looks like AWS defaults to TLS1.2 for any new custom APIGW domains now. I just tried created a new one via AWS console and it defaults to TLS1.2 now. Maybe this allows us to default to 1.2 now in this plugin as well? |
5f40144
to
d9bd4e6
Compare
@rts-cwalker good catch 👍 . You're right and i've updated my PR to now default to TLS v1.2 |
@drexler Cool looks good. Except does this line need to be changed as well? https://github.com/amplify-education/serverless-domain-manager/pull/240/files#diff-938360079f2a94b0aa5704b05ac404f5R18 |
@rts-cwalker oops. I'll address that. |
d9bd4e6
to
4baf095
Compare
Hey everyone - this looks good to me. Thanks again for taking the time to implement this feature. I'll go ahead and merge this PR. |
Hey guys, sorry to bring this up here now but what if I already created the domain previously and would like to update my securityPolicy to use 1.2? |
Please ignore my above comment, just read the Known Issues section on README. |
Fixes #236
Description of Issue Fixed
This adds a new paramater
securityPolicy
which allows for setting the TLS version to be used by the created custom domain.